
"system progressive security"

Discussion in 'Virus & Other Malware Removal' started by ShonaK, Oct 12, 2012.

Thread Status:
Not open for further replies.
  1. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    I am getting a lot of pop-ups telling me my computer is infected, and it will not stop. I was told that "system progressive Security" was a very bad one, "malware". I seriously need help fixing it because I don't have $100 that everyone is asking.

    Thank you,


    DDS (Ver_2011-08-26.01)
    .
    Microsoft Windows 7 Home Premium
    Boot Device: \Device\HarddiskVolume2
    Install Date: 2/6/2012 8:29:09 PM
    System Uptime: 10/12/2012 9:19:07 PM (0 hours ago)
    .
    Motherboard: eMachines | | EL1358G
    Processor: AMD Athlon(tm) II X2 220 Processor | CPU 1 | 2812/200mhz
    .
    ==== Disk Partitions =========================
    .
    C: is FIXED (NTFS) - 912 GiB total, 855.3 GiB free.
    D: is CDROM ()
    E: is Removable
    .
    ==== Disabled Device Manager Items =============
    .
    Class GUID: {8ECC055D-047F-11D1-A537-0000F8753ED1}
    Description: Security Processor Loader Driver
    Device ID: ROOT\LEGACY_SPLDR\0000
    Manufacturer:
    Name: Security Processor Loader Driver
    PNP Device ID: ROOT\LEGACY_SPLDR\0000
    Service: spldr
    .
    ==== System Restore Points ===================
    .
    RP54: 8/7/2012 5:02:15 AM - Windows Update
    RP55: 8/14/2012 5:02:17 AM - Windows Update
    RP56: 8/15/2012 3:00:11 AM - Windows Update
    RP57: 8/16/2012 3:00:12 AM - Windows Update
    RP58: 8/21/2012 5:20:58 AM - Windows Update
    RP59: 10/10/2012 5:58:01 PM - Windows Update
    RP60: 10/10/2012 6:10:31 PM - Installed VIPdesk Scan Utility
    RP61: 10/11/2012 3:00:13 AM - Windows Update
    RP62: 10/11/2012 9:26:06 AM - Installed J2SE Runtime Environment 5.0 Update 17
    RP63: 10/11/2012 10:05:53 AM - Windows Update
    RP65: 10/12/2012 9:56:10 AM - Windows Defender Checkpoint
    RP66: 10/12/2012 10:01:59 AM - Installed AVG 2013
    RP67: 10/12/2012 10:02:19 AM - Installed AVG 2013
    RP68: 10/12/2012 10:29:39 AM - Removed Norton Online Backup
    RP69: 10/12/2012 10:31:19 AM - Removed AVG 2013
    RP70: 10/12/2012 10:32:37 AM - Removed AVG 2013
    RP71: 10/12/2012 10:50:01 AM - Installed AVG 2013
    RP72: 10/12/2012 10:50:36 AM - Installed AVG 2013
    RP73: 10/12/2012 7:53:38 PM - Removed J2SE Runtime Environment 5.0 Update 17
    .
    ==== Installed Programs ======================
    .
    Acrobat.com
    Adobe AIR
    Adobe Flash Player 11 ActiveX
    Adobe Reader 9.2 MUI
    Agatha Christie - 4:50 from Paddington
    Bejeweled 2 Deluxe
    Bing Bar
    Build-a-lot 2
    Chuzzle Deluxe
    Convergys Health Checker
    Coupon Printer for Windows
    D3DX10
    Diablo III
    Diner Dash 2 Restaurant Rescue
    Dora's World Adventure
    eBay Worldwide
    eMachines Games
    eMachines Recovery Management
    eMachines Registration
    eMachines ScreenSaver
    eMachines Updater
    Evernote v. 4.5.1
    EverQuest II
    Final Drive: Nitro
    Fooz Kids
    Fooz Kids Platform
    Galerie de photos Windows Live
    Hotkey Utility
    HP Deskjet 3050 J610 series Help
    HP Photo Creations
    HP Update
    Identity Card
    J2SE Runtime Environment 5.0 Update 17
    Java(TM) 7 Update 5
    JavaFX 2.1.1
    Jewel Quest Heritage
    Junk Mail filter update
    Mesh Runtime
    Microsoft Office 2010
    Microsoft Office Click-to-Run 2010
    Microsoft Office Live Meeting 2007
    Microsoft Office Starter 2010 - English
    Microsoft PowerPoint Viewer
    Microsoft SQL Server 2005 Compact Edition [ENU]
    Microsoft Visual C++ 2005 Redistributable
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
    MSVCRT
    MSVCRT_amd64
    MSXML 4.0 SP2 (KB954430)
    MSXML 4.0 SP2 (KB973688)
    Mystery P.I. - Stolen in San Francisco
    Namco All-Stars: PAC-MAN
    Nero Control Center 10
    Nero ControlCenter 10 Help (CHM)
    Nero Core Components 10
    Nero DiscSpeed 10
    Nero DiscSpeed 10 Help (CHM)
    Nero Express 10
    Nero Express 10 Help (CHM)
    Nero Multimedia Suite 10 Essentials
    Nero StartSmart 10
    Nero StartSmart 10 Help (CHM)
    Nero Update
    NOOK for PC
    NVIDIA ForceWare Network Access Manager
    NVIDIA Stereoscopic 3D Driver
    Penguins!
    Plants vs. Zombies - Game of the Year
    Poker Superstars III
    Polar Bowler
    Polar Golfer
    Realtek High Definition Audio Driver
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
    Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
    Times Reader
    Torchlight
    Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
    Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
    Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
    Update Installer for WildTangent Games App
    VIPdesk Scan Utility
    Virtual Villagers 4 - The Tree of Life
    VMware Player
    Welcome Center
    WildTangent Games App (eMachines Games)
    Windows Live
    Windows Live Communications Platform
    Windows Live Essentials
    Windows Live Installer
    Windows Live Mail
    Windows Live Mesh
    Windows Live Messenger
    Windows Live Movie Maker
    Windows Live Photo Common
    Windows Live Photo Gallery
    Windows Live PIMT Platform
    Windows Live SOXE
    Windows Live SOXE Definitions
    Windows Live UX Platform
    Windows Live UX Platform Language Pack
    Windows Live Writer
    Windows Live Writer Resources
    Zuma's Revenge
    .
    ==== Event Viewer Messages From Past Week ========
    .
    10/12/2012 9:19:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {9E175B6D-F52A-11D8-B9A5-505054503030}
    10/12/2012 9:19:52 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service WSearch with arguments "" in order to run the server: {7D096C5F-AC08-4F1F-BEB7-5C22C517CE39}
    10/12/2012 9:19:50 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service EventSystem with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
    10/12/2012 9:19:44 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service ShellHWDetection with arguments "" in order to run the server: {DD522ACC-F821-461A-A407-50B198B896DC}
    10/12/2012 9:19:26 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AVGIDSDriver Avgldx64 Avgmfx64 discache MpFilter spldr Wanarpv6
    10/12/2012 9:19:26 PM, Error: Service Control Manager [7001] - The Client Virtualization Handler service depends on the Application Virtualization Client service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:19:26 PM, Error: Service Control Manager [7001] - The AVGIDSAgent service depends on the AVGIDSDriver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 9:17:15 PM, Error: Service Control Manager [7001] - The Network List Service service depends on the Network Location Awareness service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netprofm with arguments "" in order to run the server: {A47979D2-C419-11D9-A5B4-001185AD2B89}
    10/12/2012 9:17:00 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1068" attempting to start the service netman with arguments "" in order to run the server: {BA126AD1-2166-11D1-B1D0-00805FC1270E}
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: AFD AVGIDSDriver Avgldx64 Avgmfx64 Avgtdia DfsC discache MpFilter NetBIOS NetBT nsiproxy Psched rdbss spldr tdx Wanarpv6 WfpLwf ws2ifsl
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The Workstation service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The TCP/IP NetBIOS Helper service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The SMB MiniRedirector Wrapper and Engine service depends on the Redirected Buffering Sub Sysytem service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The SMB 2.0 MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The SMB 1.x MiniRedirector service depends on the SMB MiniRedirector Wrapper and Engine service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The Network Store Interface Service service depends on the NSI proxy service driver. service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The Network Location Awareness service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The IP Helper service depends on the Network Store Interface Service service which failed to start because of the following error: The dependency service or group failed to start.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The DNS Client service depends on the NetIO Legacy TDI Support Driver service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 9:15:59 PM, Error: Service Control Manager [7001] - The DHCP Client service depends on the Ancillary Function Driver for Winsock service which failed to start because of the following error: A device attached to the system is not functioning.
    10/12/2012 9:14:54 PM, Error: Service Control Manager [7006] - The ScRegSetValueExW call failed for FailureActions with the following error: Access is denied.
    10/12/2012 6:51:39 PM, Error: Microsoft-Windows-DistributedCOM [10005] - DCOM got error "1084" attempting to start the service MSIServer with arguments "" in order to run the server: {000C101C-0000-0000-C000-000000000046}
    10/12/2012 5:34:55 PM, Error: Service Control Manager [7011] - A timeout (30000 milliseconds) was reached while waiting for a transaction response from the avgwd service.
    .
    ==== End Of File ===========================



    .
    DDS (Ver_2011-08-26.01) - NTFSAMD64 NETWORK
    Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.7.0_05
    Run by Amber Baker at 21:25:25 on 2012-10-12
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.2152 [GMT -5:00]
    .
    AV: AVG Anti-Virus 2013 *Enabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    SP: AVG Anti-Virus 2013 *Enabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    .
    ============== Running Processes ===============
    .
    C:\Windows\system32\wininit.exe
    C:\Windows\system32\lsm.exe
    C:\Windows\system32\svchost.exe -k DcomLaunch
    C:\Windows\system32\svchost.exe -k RPCSS
    c:\Program Files\Microsoft Security Client\MsMpEng.exe
    C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
    C:\Windows\system32\svchost.exe -k netsvcs
    C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
    C:\Windows\system32\svchost.exe -k LocalService
    C:\Windows\system32\svchost.exe -k NetworkService
    C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
    C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
    C:\Windows\Explorer.EXE
    C:\Windows\system32\ctfmon.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Program Files (x86)\Internet Explorer\iexplore.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\system32\wbem\wmiprvse.exe
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\NOTEPAD.EXE
    C:\Windows\SysWOW64\cmd.exe
    C:\Windows\system32\conhost.exe
    C:\Windows\SysWOW64\cscript.exe
    .
    ============== Pseudo HJT Report ===============
    .
    uSearch Bar = Preserve
    uStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtA0B0CtCtDtC0EtCyCtDtN0D0Tzu0CtBzzyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1745024910
    uDefault_Page_URL = hxxp://emachines.msn.com
    mDefault_Page_URL = hxxp://emachines.msn.com
    mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtA0B0CtCtDtC0EtCyCtDtN0D0Tzu0CtBzzyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1745024910
    mWinlogon: Userinit=userinit.exe
    BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.1\AVG Secure Search_toolbar.dll
    BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB: AVG Security Toolbar: {95b7759c-8c7f-4bf1-b163-73684a933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.1\AVG Secure Search_toolbar.dll
    TB: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    {e7df6bff-55a5-4eb7-a673-4ed3e9456d39}
    uRunOnce: [E00775CC6043E16000BCE006B9A7C2C0] C:\ProgramData\E00775CC6043E16000BCE006B9A7C2C0\E00775CC6043E16000BCE006B9A7C2C0.exe
    mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    mRun: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun: [<NO NAME>]
    mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
    mRun: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    mPolicies-explorer: NoActiveDesktop = 1 (0x1)
    mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
    mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
    mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
    mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
    IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
    LSP: C:\Program Files (x86)\VMware\VMware Player\vsocklib.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: convergysworkathome.com\www
    Trusted Zone: exodusvipdesk.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Trusted Zone: vipdesk.com
    DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_17-windows-i586.cab
    DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    TCP: Interfaces\{AF5734B3-C8D3-4EC6-863D-6B90B39F75E0} : DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
    BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    BHO-X64: AcroIEHelperStub - No File
    BHO-X64: SSVHelper Class: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
    BHO-X64: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    BHO-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.1\AVG Secure Search_toolbar.dll
    BHO-X64: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
    TB-X64: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll"
    TB-X64: AVG Security Toolbar: {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.1\AVG Secure Search_toolbar.dll
    TB-X64: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    mRun-x64: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    mRun-x64: [Hotkey Utility] C:\Program Files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe
    mRun-x64: [VMware hqtray] "C:\Program Files (x86)\VMware\VMware Player\hqtray.exe"
    mRun-x64: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
    mRun-x64: [(Default)]
    mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    mRun-x64: [SunJavaUpdateSched] "C:\Program Files (x86)\Java\jre7\bin\jusched.exe"
    mRun-x64: [ROC_ROC_NT] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe" / /PROMPT /CMPID=ROC_NT
    mRun-x64: [AVG_UI] "C:\Program Files (x86)\AVG\AVG2013\avgui.exe" /TRAYONLY
    mRun-x64: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
    mRun-x64: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12
    IE-X64: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204
    .
    ============= SERVICES / DRIVERS ===============
    .
    R0 AVGIDSHA;AVGIDSHA;C:\Windows\system32\DRIVERS\avgidsha.sys --> C:\Windows\system32\DRIVERS\avgidsha.sys [?]
    R0 Avgloga;AVG Logging Driver;C:\Windows\system32\DRIVERS\avgloga.sys --> C:\Windows\system32\DRIVERS\avgloga.sys [?]
    R0 Avgrkx64;AVG Anti-Rootkit Driver;C:\Windows\system32\DRIVERS\avgrkx64.sys --> C:\Windows\system32\DRIVERS\avgrkx64.sys [?]
    R1 Avgtdia;AVG TDI Driver;C:\Windows\system32\DRIVERS\avgtdia.sys --> C:\Windows\system32\DRIVERS\avgtdia.sys [?]
    R1 avgtp;avgtp;\??\C:\Windows\system32\drivers\avgtpx64.sys --> C:\Windows\system32\drivers\avgtpx64.sys [?]
    S0 MpFilter;Microsoft Malware Protection Driver;C:\Windows\system32\DRIVERS\MpFilter.sys --> C:\Windows\system32\DRIVERS\MpFilter.sys [?]
    S1 AVGIDSDriver;AVGIDSDriver;C:\Windows\system32\DRIVERS\avgidsdrivera.sys --> C:\Windows\system32\DRIVERS\avgidsdrivera.sys [?]
    S1 Avgldx64;AVG AVI Loader Driver;C:\Windows\system32\DRIVERS\avgldx64.sys --> C:\Windows\system32\DRIVERS\avgldx64.sys [?]
    S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;C:\Windows\system32\DRIVERS\avgmfx64.sys --> C:\Windows\system32\DRIVERS\avgmfx64.sys [?]
    S2 AVGIDSAgent;AVGIDSAgent;C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe [2012-8-20 5751928]
    S2 avgwd;AVG WatchDog;C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-8-20 184304]
    S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
    S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
    S2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624]
    S2 GREGService;GREGService;C:\Program Files (x86)\eMachines\Registration\GREGsvc.exe [2010-1-8 23584]
    S2 Live Updater Service;Live Updater Service;C:\Program Files\eMachines\eMachines Updater\UpdaterService.exe [2011-3-31 244624]
    S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe [2010-5-4 503080]
    S2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-1-26 378984]
    S2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-12 711112]
    S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
    S3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-3-2 183560]
    S3 GamesAppService;GamesAppService;C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    S3 NisDrv;Microsoft Network Inspection System;C:\Windows\system32\DRIVERS\NisDrvWFP.sys --> C:\Windows\system32\DRIVERS\NisDrvWFP.sys [?]
    S3 NisSrv;Microsoft Network Inspection;C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-9-12 368896]
    S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-1-9 4925184]
    S3 Sftfs;Sftfs;C:\Windows\system32\DRIVERS\Sftfslh.sys --> C:\Windows\system32\DRIVERS\Sftfslh.sys [?]
    S3 Sftplay;Sftplay;C:\Windows\system32\DRIVERS\Sftplaylh.sys --> C:\Windows\system32\DRIVERS\Sftplaylh.sys [?]
    S3 Sftredir;Sftredir;C:\Windows\system32\DRIVERS\Sftredirlh.sys --> C:\Windows\system32\DRIVERS\Sftredirlh.sys [?]
    S3 Sftvol;Sftvol;C:\Windows\system32\DRIVERS\Sftvollh.sys --> C:\Windows\system32\DRIVERS\Sftvollh.sys [?]
    S3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496]
    S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
    S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
    S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
    S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184]
    .
    =============== Created Last 30 ================
    .
    2012-10-12 23:31:34 -------- d-----w- C:\Program Files (x86)\PDFCreator
    2012-10-12 23:29:27 -------- d-----w- C:\Program Files (x86)\DownloadManager
    2012-10-12 23:28:52 -------- d-----w- C:\Users\Amber Baker\AppData\Local\Google
    2012-10-12 23:28:48 -------- d-----w- C:\Users\Amber Baker\AppData\Roaming\Babylon
    2012-10-12 23:28:48 -------- d-----w- C:\ProgramData\Babylon
    2012-10-12 22:33:10 -------- d-----w- C:\Users\Amber Baker\AppData\Local\LogMeIn Rescue Applet
    2012-10-12 16:01:39 972192 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{423A2158-CDBE-4B3F-8ECF-34EE67F8DB75}\gapaengine.dll
    2012-10-12 16:01:36 9308616 ----a-w- C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{ADD267AA-82C8-45BA-A164-31F83440471A}\mpengine.dll
    2012-10-12 15:58:57 -------- d-----w- C:\Program Files (x86)\Microsoft Security Client
    2012-10-12 15:58:55 -------- d-----w- C:\Program Files\Microsoft Security Client
    2012-10-12 15:53:56 -------- d-----w- C:\Users\Amber Baker\AppData\Roaming\AVG2013
    2012-10-12 15:52:40 -------- d-----w- C:\Users\Amber Baker\AppData\Local\AVG Secure Search
    2012-10-12 15:52:24 -------- d-----w- C:\ProgramData\AVG Secure Search
    2012-10-12 15:52:15 30568 ----a-w- C:\Windows\System32\drivers\avgtpx64.sys
    2012-10-12 15:52:13 -------- d-----w- C:\Program Files (x86)\Common Files\AVG Secure Search
    2012-10-12 15:52:12 -------- d-----w- C:\Program Files (x86)\AVG Secure Search
    2012-10-12 15:51:12 -------- d--h--w- C:\$AVG
    2012-10-12 15:51:12 -------- d-----w- C:\ProgramData\AVG2013
    2012-10-12 15:50:27 -------- d-----w- C:\Program Files (x86)\AVG
    2012-10-12 15:46:49 -------- d-----w- C:\50ffba3725469747bd
    2012-10-12 15:32:35 -------- d-----w- C:\Users\Amber Baker\AppData\Local\Avg2013
    2012-10-12 15:04:15 -------- d-----w- C:\Users\Amber Baker\AppData\Roaming\TuneUp Software
    2012-10-12 14:57:31 -------- d--h--w- C:\ProgramData\Common Files
    2012-10-12 14:57:31 -------- d-----w- C:\Users\Amber Baker\AppData\Local\MFAData
    2012-10-12 14:57:31 -------- d-----w- C:\ProgramData\MFAData
    2012-10-12 13:43:09 -------- d-----w- C:\ProgramData\E00775CC6043E16000BCE006B9A7C2C0
    2012-10-12 13:41:57 -------- d-----w- C:\Users\Amber Baker\AppData\Local\CrashDumps
    2012-10-12 08:34:01 9308616 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E2280455-F16B-4116-8BF7-DCBDBD2B10B4}\mpengine.dll
    2012-10-10 23:11:58 -------- d-----w- C:\Program Files (x86)\VIPdesk
    2012-10-10 22:59:11 1659760 ----a-w- C:\Windows\System32\drivers\ntfs.sys
    2012-10-10 22:59:09 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
    2012-10-10 22:59:08 3968880 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
    2012-10-10 22:59:08 3914096 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
    2012-10-10 22:51:51 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 22:51:51 696760 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
    2012-09-17 23:58:54 56672 ----a-w- C:\Windows\System32\drivers\avgidsha.sys
    2012-09-14 10:34:34 105312 ----a-w- C:\Windows\System32\drivers\avgmfx64.sys
    .
    ==================== Find3M ====================
    .
    2012-09-14 19:19:29 2048 ----a-w- C:\Windows\System32\tzres.dll
    2012-09-14 18:28:53 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
    2012-09-12 16:47:20 199520 ----a-w- C:\Windows\System32\drivers\avgtdia.sys
    2012-09-12 16:47:02 175968 ----a-w- C:\Windows\System32\drivers\avgldx64.sys
    2012-08-31 03:03:48 228768 ----a-w- C:\Windows\System32\drivers\MpFilter.sys
    2012-08-31 03:03:48 128456 ----a-w- C:\Windows\System32\drivers\NisDrvWFP.sys
    2012-08-24 18:05:07 220160 ----a-w- C:\Windows\System32\wintrust.dll
    2012-08-24 16:57:48 172544 ----a-w- C:\Windows\SysWow64\wintrust.dll
    2012-08-24 10:31:32 2312704 ----a-w- C:\Windows\System32\jscript9.dll
    2012-08-24 10:21:18 1392128 ----a-w- C:\Windows\System32\wininet.dll
    2012-08-24 10:20:11 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl
    2012-08-24 10:14:45 173056 ----a-w- C:\Windows\System32\ieUnatt.exe
    2012-08-24 10:13:29 599040 ----a-w- C:\Windows\System32\vbscript.dll
    2012-08-24 10:09:42 2382848 ----a-w- C:\Windows\System32\mshtml.tlb
    2012-08-24 06:59:17 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll
    2012-08-24 06:51:27 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll
    2012-08-24 06:51:02 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl
    2012-08-24 06:47:26 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe
    2012-08-24 06:47:12 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll
    2012-08-24 06:43:58 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb
    2012-08-22 18:12:50 1913200 ----a-w- C:\Windows\System32\drivers\tcpip.sys
    2012-08-22 18:12:40 950128 ----a-w- C:\Windows\System32\drivers\ndis.sys
    2012-08-22 18:12:40 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
    2012-08-22 18:12:33 288624 ----a-w- C:\Windows\System32\drivers\FWPKCLNT.SYS
    2012-08-21 21:01:00 245760 ----a-w- C:\Windows\System32\OxpsConverter.exe
    2012-08-20 18:48:44 362496 ----a-w- C:\Windows\System32\wow64win.dll
    2012-08-20 18:48:44 243200 ----a-w- C:\Windows\System32\wow64.dll
    2012-08-20 18:48:44 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
    2012-08-20 18:48:43 215040 ----a-w- C:\Windows\System32\winsrv.dll
    2012-08-20 18:48:37 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
    2012-08-20 18:48:35 424448 ----a-w- C:\Windows\System32\KernelBase.dll
    2012-08-20 18:46:22 338432 ----a-w- C:\Windows\System32\conhost.exe
    2012-08-20 17:40:21 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
    2012-08-20 17:38:44 44032 ----a-w- C:\Windows\apppatch\acwow64.dll
    2012-08-20 17:38:26 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
    2012-08-20 17:37:19 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
    2012-08-20 17:37:18 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
    2012-08-20 15:38:21 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
    2012-08-20 15:38:20 2048 ----a-w- C:\Windows\SysWow64\user.exe
    2012-08-20 15:33:28 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
    2012-08-20 15:33:28 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
    2012-08-20 15:33:28 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
    2012-08-20 15:33:28 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
    2012-08-13 21:40:52 150880 ----a-w- C:\Windows\System32\drivers\avgidsdrivera.sys
    2012-08-11 00:56:03 715776 ----a-w- C:\Windows\System32\kerberos.dll
    2012-08-10 23:56:14 542208 ----a-w- C:\Windows\SysWow64\kerberos.dll
    2012-08-10 09:52:16 40288 ----a-w- C:\Windows\System32\drivers\avgrkx64.sys
    2012-08-09 18:56:42 230240 ----a-w- C:\Windows\System32\drivers\avgloga.sys
    2012-08-02 17:58:52 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
    2012-08-02 16:57:20 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
    2012-07-18 18:15:06 3148800 ----a-w- C:\Windows\System32\win32k.sys
    .
    ============= FINISH: 21:25:58.47 ===============
     
  2. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    After reading a similar post about "system progressive security" I was going to try to follow the suggestions, but when I clicked on AdwCleaner as the other person was told, it said it was flagged as an unsafe site and it would not let me go further.
    So I wait for a response that would be much appreciated. Thank you
     
  3. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,818
    first step

    Delete any existing version of ComboFix you have sitting on your desktop
    Please read and follow all these instructions very carefully
    Do not edit or remove any information or user names etc, otherwise we cannot fix the problem. If you insist on editing out anything then I will close the topic & refuse to offer any help.

    Download ComboFix from Here to your Desktop.
    As you download it rename it to username123.exe


    **Note: It is important that it is saved directly to your desktop and run from the desktop and not any other folder on your computer**
    --------------------------------------------------------------------
    1. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    • Very Important! Temporarily disable your anti-virus and anti-malware real-time protection and any script blocking components of them or your firewall before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results" or stop combofix running at all
    • Click on THIS LINK to see instructions on how to temporarily disable many security programs while running combofix. The list does not cover every program. If yours is not listed and you don't know how to disable it, please ask.
    • Remember to re enable the protection again after combofix has finished
    --------------------------------------------------------------------
    2. Close any open browsers and any other programs you might have running
    Double click on renamed combofix.exe & follow the prompts.
    If you are using windows XP It might display a pop up saying that "Recovery console is not installed, do you want to install?"
    Please select yes & let it download the files it needs to do this. Once the recovery console is installed Combofix will then offer to scan for malware. Select continue or yes.
    When finished, it will produce a report for you.
    Please post the "C:\ComboFix.txt" for further review


    ****Note: Do not mouseclick combofix's window while it's running. That may cause it to stall or freeze ****

    Note: ComboFix may reset a number of Internet Explorer's settings, including making it the default browser.
    Note: Combofix prevents autorun of ALL CDs, floppies and USB devices to assist with malware removal & increase security. Read HERE why we disable autoruns

    Please do not install any new programs or update anything (always allow your antivirus/antispyware to update) unless told to do so while we are fixing your problem. If combofix alerts to a new version and offers to update, please let it. It is essential we always use the latest version.

    Please tell us if it has cured the problems or if there are any outstanding issues

    *EXTRA NOTES*
    • If Combofix detects any Rootkit/Bootkit activity on your system it will give a warning and prompt for a reboot, you must allow it to do so.
    • If Combofix reboot is due to a rootkit, the screen may stay black for several minutes on reboot, this is normal
    • If after running Combofix you receive any type of warning message about registry keys being listed for deletion when trying to open certain items, reboot the system and this will fix the issue (Those items will not be deleted)

    Post the log in next reply please...
     
  4. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    ComboFix 12-10-12.01 - Amber Baker 10/13/2012 10:37:22.1.2 - x64
    Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.2815.1789 [GMT -5:00]
    Running from: c:\users\Amber Baker\Desktop\username123.exe
    AV: AVG Anti-Virus 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
    AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
    SP: AVG Anti-Virus 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
    SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
    SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    .
    .
    ((((((((((((((((((((((((( Files Created from 2012-09-13 to 2012-10-13 )))))))))))))))))))))))))))))))
    .
    .
    2012-10-13 15:41 . 2012-10-13 15:41 -------- d-----w- c:\users\Default\AppData\Local\temp
    2012-10-13 15:26 . 2012-10-13 15:26 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software
    2012-10-13 03:11 . 2012-10-13 03:11 -------- d-----w- c:\users\Amber Baker\AppData\Roaming\Malwarebytes
    2012-10-13 03:11 . 2012-10-13 03:11 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
    2012-10-13 03:11 . 2012-10-13 03:11 -------- d-----w- c:\programdata\Malwarebytes
    2012-10-13 03:11 . 2012-09-07 22:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
    2012-10-12 23:31 . 2012-10-12 23:31 -------- d-----w- c:\program files (x86)\PDFCreator
    2012-10-12 23:29 . 2012-10-12 23:50 -------- d-----w- c:\program files (x86)\DownloadManager
    2012-10-12 23:28 . 2012-10-12 23:28 -------- d-----w- c:\users\Amber Baker\AppData\Local\Google
    2012-10-12 23:28 . 2012-10-12 23:28 -------- d-----w- c:\users\Amber Baker\AppData\Roaming\Babylon
    2012-10-12 23:28 . 2012-10-12 23:28 -------- d-----w- c:\programdata\Babylon
    2012-10-12 22:33 . 2012-10-13 00:52 -------- d-----w- c:\users\Amber Baker\AppData\Local\LogMeIn Rescue Applet
    2012-10-12 16:01 . 2012-10-12 16:01 972192 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{423A2158-CDBE-4B3F-8ECF-34EE67F8DB75}\gapaengine.dll
    2012-10-12 16:01 . 2012-08-30 05:27 9308616 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{ADD267AA-82C8-45BA-A164-31F83440471A}\mpengine.dll
    2012-10-12 15:58 . 2012-10-12 15:58 -------- d-----w- c:\program files (x86)\Microsoft Security Client
    2012-10-12 15:58 . 2012-10-12 15:59 -------- d-----w- c:\program files\Microsoft Security Client
    2012-10-12 15:53 . 2012-10-12 15:53 -------- d-----w- c:\users\Amber Baker\AppData\Roaming\AVG2013
    2012-10-12 15:52 . 2012-10-12 15:52 -------- d-----w- c:\users\Amber Baker\AppData\Local\AVG Secure Search
    2012-10-12 15:52 . 2012-10-12 15:57 -------- d-----w- c:\programdata\AVG Secure Search
    2012-10-12 15:52 . 2012-10-12 15:51 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
    2012-10-12 15:52 . 2012-10-12 15:52 -------- d-----w- c:\program files (x86)\Common Files\AVG Secure Search
    2012-10-12 15:52 . 2012-10-12 15:52 -------- d-----w- c:\program files (x86)\AVG Secure Search
    2012-10-12 15:51 . 2012-10-12 15:52 -------- d-----w- c:\programdata\AVG2013
    2012-10-12 15:51 . 2012-10-12 15:51 -------- d-----w- C:\$AVG
    2012-10-12 15:50 . 2012-10-12 15:50 -------- d-----w- c:\program files (x86)\AVG
    2012-10-12 15:46 . 2012-10-12 15:46 -------- d-----w- C:\50ffba3725469747bd
    2012-10-12 15:32 . 2012-10-12 15:55 -------- d-----w- c:\users\Amber Baker\AppData\Local\Avg2013
    2012-10-12 15:04 . 2012-10-12 15:04 -------- d-----w- c:\users\Amber Baker\AppData\Roaming\TuneUp Software
    2012-10-12 14:57 . 2012-10-13 15:26 -------- d-----w- c:\programdata\MFAData
    2012-10-12 14:57 . 2012-10-12 14:57 -------- d--h--w- c:\programdata\Common Files
    2012-10-12 14:57 . 2012-10-12 14:57 -------- d-----w- c:\users\Amber Baker\AppData\Local\MFAData
    2012-10-12 13:43 . 2012-10-12 13:45 -------- d-----w- c:\programdata\E00775CC6043E16000BCE006B9A7C2C0
    2012-10-12 13:41 . 2012-10-12 13:41 -------- d-----w- c:\users\Amber Baker\AppData\Local\CrashDumps
    2012-10-12 08:34 . 2012-09-19 05:58 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E2280455-F16B-4116-8BF7-DCBDBD2B10B4}\mpengine.dll
    2012-10-10 23:11 . 2012-10-10 23:11 -------- d-----w- c:\program files (x86)\VIPdesk
    2012-10-10 22:59 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2012-10-10 22:59 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
    2012-10-10 22:59 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
    2012-10-10 22:59 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
    2012-10-10 22:51 . 2012-10-10 22:51 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
    2012-10-10 22:51 . 2012-10-10 22:51 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
    2012-10-10 22:51 . 2012-10-10 22:51 -------- d-----w- c:\windows\system32\Macromed
    2012-10-05 08:26 . 2012-10-05 08:26 111456 ----a-w- c:\windows\system32\drivers\avgmfx64.sys
    2012-10-02 08:30 . 2012-10-02 08:30 185696 ----a-w- c:\windows\system32\drivers\avgldx64.sys
    2012-09-21 08:46 . 2012-09-21 08:46 200032 ----a-w- c:\windows\system32\drivers\avgtdia.sys
    2012-09-21 08:46 . 2012-09-21 08:46 225120 ----a-w- c:\windows\system32\drivers\avgloga.sys
    2012-09-21 08:45 . 2012-09-21 08:45 61792 ----a-w- c:\windows\system32\drivers\avgidsha.sys
    2012-09-14 08:05 . 2012-09-14 08:05 40800 ----a-w- c:\windows\system32\drivers\avgrkx64.sys
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2012-09-28 05:18 . 2012-02-10 00:07 65309168 ----a-w- c:\windows\system32\MRT.exe
    2012-09-13 08:11 . 2012-09-13 08:11 151904 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys
    2012-08-31 03:03 . 2012-08-31 03:03 228768 ----a-w- c:\windows\system32\drivers\MpFilter.sys
    2012-08-31 03:03 . 2012-08-31 03:03 128456 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
    2012-08-20 17:38 . 2012-10-10 22:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
    2012-07-18 18:15 . 2012-08-15 01:19 3148800 ----a-w- c:\windows\system32\win32k.sys
    .
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
    2012-10-12 15:51 1792968 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.1\AVG Secure Search_toolbar.dll
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
    "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.1\AVG Secure Search_toolbar.dll" [2012-10-12 1792968]
    .
    [HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
    [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-10-03 35696]
    "Hotkey Utility"="c:\program files (x86)\eMachines\Hotkey Utility\HotkeyUtility.exe" [2011-01-19 620136]
    "VMware hqtray"="c:\program files (x86)\VMware\VMware Player\hqtray.exe" [2010-11-11 64112]
    "HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2010-06-10 49208]
    "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
    "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-10-10 3116152]
    "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-10-12 993736]
    "ROC_roc_ssl_v12"="c:\program files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" [2012-10-12 1020512]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
    "ConsentPromptBehaviorAdmin"= 5 (0x5)
    "ConsentPromptBehaviorUser"= 3 (0x3)
    "EnableUIADesktopToggle"= 0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
    "LoadAppInit_DLLs"=0 (0x0)
    .
    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
    Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
    @="Service"
    .
    R1 sysduexu;sysduexu;c:\windows\system32\drivers\sysduexu.sys [x]
    R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-10-02 5783672]
    R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
    R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 250808]
    R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-02 183560]
    R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
    R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-31 128456]
    R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-09-13 368896]
    R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
    R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
    R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
    R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-09 1255736]
    R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
    S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
    S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
    S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-10-05 111456]
    S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
    S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
    S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
    S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
    S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-10-12 30568]
    S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-02 193568]
    S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
    S2 GREGService;GREGService;c:\program files (x86)\eMachines\Registration\GREGsvc.exe [2010-01-08 23584]
    S2 Live Updater Service;Live Updater Service;c:\program files\eMachines\eMachines Updater\UpdaterService.exe [2011-01-31 244624]
    S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432]
    S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936]
    S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080]
    S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
    S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-01-27 378984]
    S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys [2010-11-11 81008]
    S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [2010-11-11 539248]
    S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-10-12 711112]
    S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928]
    S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
    S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
    S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
    S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
    S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
    .
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2012-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
    - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-10 22:51]
    .
    .
    --------- X64 Entries -----------
    .
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-09 10060320]
    "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-13 1289704]
    .
    ------- Supplementary Scan -------
    .
    uLocal Page = c:\windows\system32\blank.htm
    uStart Page = hxxp://www.google.com/
    mDefault_Page_URL = hxxp://emachines.msn.com
    mStart Page = hxxp://searchfunmoods.com/?f=1&a=iron2&chnl=iron2&cd=2XzuyEtN2Y1L1Qzu0FzztD0FyEtCtA0B0CtCtDtC0EtCyCtDtN0D0Tzu0CtBzzyCtN1L2XzutBtFtBtFtDtFtAyEyE&cr=1745024910
    mLocal Page = c:\windows\SysWOW64\blank.htm
    LSP: c:\program files (x86)\VMware\VMware Player\vsocklib.dll
    Trusted Zone: clonewarsadventures.com
    Trusted Zone: convergysworkathome.com\www
    Trusted Zone: exodusvipdesk.com
    Trusted Zone: freerealms.com
    Trusted Zone: soe.com
    Trusted Zone: sony.com
    Trusted Zone: vipdesk.com
    TCP: DhcpNameServer = 68.105.28.11 68.105.29.11 68.105.28.12
    Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
    DPF: {A084A130-28AE-4B32-B51A-1C8CE164BC88} - hxxp://www.convergysworkathome.com/AppHardT.CAB
    .
    - - - - ORPHANS REMOVED - - - -
    .
    Toolbar-Locked - (no file)
    Wow6432Node-HKLM-Run-<NO NAME> - (no file)
    Wow6432Node-HKLM-Run-ROC_ROC_NT - c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe
    Wow6432Node-HKLM-Run-SunJavaUpdateSched - c:\program files (x86)\Java\jre7\bin\jusched.exe
    Toolbar-Locked - (no file)
    WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
    .
    .
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
    "Enabled"=dword:00000001
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Shockwave Flash Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
    @="0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
    @="ShockwaveFlash.ShockwaveFlash.11"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="ShockwaveFlash.ShockwaveFlash"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    @Denied: (A 2) (Everyone)
    @="Macromedia Flash Factory Object"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
    "ThreadingModel"="Apartment"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
    @="FlashFactory.FlashFactory.1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
    @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
    @="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
    @="1.0"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
    @="FlashFactory.FlashFactory"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker5"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    @Denied: (Full) (Everyone)
    .
    Completion time: 2012-10-13 10:43:28
    ComboFix-quarantined-files.txt 2012-10-13 15:43
    .
    Pre-Run: 917,352,849,408 bytes free
    Post-Run: 917,890,641,920 bytes free
    .
    - - End Of File - - 6EC676F0A4CE2B810623B1D3A212A540
     
  5. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    I did download the malwarebytes last night after I had posted this, so the results of the scan you asked me to do are from after malwarebytes was run. So far I have not had any pop ups. Please let me know what you think about the results.

    Thank you
     
  6. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,818
    looks ok but still has babylon showing so

    Please download AdwCleaner to your desktop.
    • Double click the adwcleaner.exe to run the tool.
    • Click Search.
    • When the scan has finished, a notepad window will be opened.
    • Please post the contents here in your topic.
    • The logfile will also be saved in C:\AdwCleaner[R1].txt.
     
  7. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    I tried to do that last night and it tells me it is unsafe to download....
     
  8. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    and still again it is not letting me download it... is there another option to get rid of the babylon
     
  9. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,818
    it is safe to download
    I see smart filter in IE is blocking it. I will report that to Microsoft to see if they can unblock it
    it is the easiest way to get rid of babylon

    can you use firefox to download it or temporarily turn off smart screen filter to download it
    to turn off smart screen filter, click on tools/safety/turn off smartscreen filter
     
  10. dvk01

    dvk01 Derek Moderator Malware Specialist

    Joined:
    Dec 14, 2002
    Messages:
    47,818
  11. ShonaK

    ShonaK Thread Starter

    Joined:
    Oct 12, 2012
    Messages:
    7
    I will check it out tomorrow and try it.. thank you for the link. I will send the info just as soon as I get it
     
Short URL to this thread: https://techguy.org/1072451